Desktop computers, mobile devices and tablet computers have no built-in security mechanisms for user authentication with web services and applications, other than the traditional Personal Identification Number (PIN) or use of additional devices like smart cards or One-Time Password (OTP) tokens. However, web services and applications for banking access rely on a strong user authentication to protect customer data and funds against unauthorized access. For authentication of users to be non-annoying and not disrupting, a behavioral authentication which is transparent to the user is seen as a favorite method. Additionally, biometric methods are being used more frequently on mobile devices and desktop computers.
There are several patent applications and issued patents in the field of user authentication which use biometric methods to identify users on mobile devices. In U.S. Patent Publication No. 2010/0225443, a system is described for user authentication using touch sensitive elements and/or using a signature of the user. In U.S. Patent Publication No. 2011/0126024, a method and system are described for combining a PIN and a biometric sample. In PCT/US2013/041868 a fingerprint sensor is used to navigate through Graphical User Interface (GUI) and applications.
Fingerprint sensors are being used for authentication of users using mobile devices and desktop computers. The problem with fingerprint technology is that it can be spoofed by using forged fingerprints or rubber finger coverings. Although there are existing fingerprint systems, which use liveliness detections and other enhancements, these tend to be expensive and are not easily integrated into mobile phones, because of the small form factor. Thus there is need for a simple, low cost, and small fingerprint system.
Furthermore voice and visual biometrics has been used to authenticate users on desktop and mobile devices. Voice and visual biometrics also tend to be prone to spoofing by using photographs and voice recordings.